Re: FBR: add lists.pagure.io to our mailing-lists
On Mon, Sep 24, 2018 at 8:05 PM Pierre-Yves Chibon wrote: > On Mon, Sep 24, 2018 at 02:46:00PM +0200, Brian (bex) Exelbierd wrote: > >On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard < > aurel...@bompard.org> > >wrote: > > > > Hey folks! > > > > Pingou would like to announce the availability of mailing-lists on > > lists.pagure.io with the 5.0 release. The following patch should > add > > the new domain to our mailing list server. > > Affected services are the mailman server and the proxies. > > > >Where was lists.pagure.io announced? I'd like more details on what > it > >actually does. > > It wasn't announced since it doesn't exist yet :) > > It is basically another domain attached to our existing mailman3 > deployment so > projects hosted on pagure.io can ask for mailing lists. > The first two I'll ask for being pagure-devel and pagure-announce :) Ahh. If needed/helpful I suspect OSAS could host it as well :). Regards, bex > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Brian (bex) Exelbierd | bexel...@redhat.com | b...@pobox.com Fedora Community Action & Impact Coordinator @bexelbie | http://www.winglemeyer.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: add lists.pagure.io to our mailing-lists
On Mon, Sep 24, 2018 at 02:46:00PM +0200, Brian (bex) Exelbierd wrote: >On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard >wrote: > > Hey folks! > > Pingou would like to announce the availability of mailing-lists on > lists.pagure.io with the 5.0 release. The following patch should add > the new domain to our mailing list server. > Affected services are the mailman server and the proxies. > >Where was lists.pagure.io announced? I'd like more details on what it >actually does. It wasn't announced since it doesn't exist yet :) It is basically another domain attached to our existing mailman3 deployment so projects hosted on pagure.io can ask for mailing lists. The first two I'll ask for being pagure-devel and pagure-announce :) Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
[Fedocal] Reminder meeting : Infra Office Hours
Dear all, You are kindly invited to the meeting: Infra Office Hours on 2018-09-25 from 18:00:00 to 19:00:00 UTC At fedora-ad...@irc.freenode.net The meeting will be about: Weekly hour dedicated to answer questions or help people with fixing tickets or implementing features. Source: https://apps.fedoraproject.org/calendar/meeting/9255/ ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: a few more changes for lists.pagure.io
+1 Please do
On Sun, 23 Sep 2018 at 02:11, Pierre-Yves Chibon wrote:
>
> On Sat, Sep 22, 2018 at 01:03:29PM -0700, Kevin Fenzi wrote:
> > I had to make a few more changes to get lists.pagure.io working.
> >
> > I haven't pushed these to all the proxies yet, will wait until I get
> > +1's or revert.
> >
> > commit 2359610fd4298fd9e54fbb49bdf809ff387639e5
> > Author: Kevin Fenzi
> > Date: Sat Sep 22 20:01:06 2018 +
> >
> > add lists.pagure.io to varnish config
> >
> > diff --git a/roles/varnish/templates/proxies.vcl.j2
> > b/roles/varnish/templates/proxies.vcl.j2
> > index 121fbec..5150c36 100644
> > --- a/roles/varnish/templates/proxies.vcl.j2
> > +++ b/roles/varnish/templates/proxies.vcl.j2
> > @@ -282,7 +282,7 @@ sub vcl_recv {
> > }
> > }
> > }
> > -if (req.http.X-Forwarded-Server ~ "^lists.fedoraproject.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.stg.fedoraproject.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.fedorahosted.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.stg.fedorahosted.org" ) {
> > +if (req.http.X-Forwarded-Server ~ "^lists.fedoraproject.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.stg.fedoraproject.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.fedorahosted.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.stg.fedorahosted.org" ||
> > req.http.X-Forwarded-Server ~ "^lists.pagure.io" ) {
> > set req.backend_hint = mailman;
> > }
> > if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" ||
> > req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") {
> >
> > and
> >
> > commit 3363db41b29f017d1365a91feec102d0b2a5ce7f
> > Author: Kevin Fenzi
> > Date: Sat Sep 22 19:36:58 2018 +
> >
> > need certbot here and it will use the right names
> >
> > diff --git a/playbooks/include/proxies-websites.yml
> > b/playbooks/include/proxies-websites.yml
> > index 65597cd..d76c963 100644
> > --- a/playbooks/include/proxies-websites.yml
> > +++ b/playbooks/include/proxies-websites.yml
> > @@ -904,8 +904,9 @@
> >- role: httpd/website
> > site_name: lists.pagure.io
> > sslonly: true
> > -cert_name: lists.pagure.io.cert
> > -SSLCertificateChainFile: lists.pagure.io.intermediate.cert
> > +certbot: true
> > +tags:
> > +- lists.pagure.io
> >
> > # fedorahosted is retired. We have the site here so we can redirect it.
> >
>
>
>
> +1 for me, thanks :)
>
>
> Pierre
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
--
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
suggested patch for review - issue 7158 - corrections
Happy Monday all. Here's an updated set of patches for issue 7158, with
some of Kevin's comments on my previous attempt for context;
On 9/18/18 5:44 PM, Kevin Fenzi wrote:
>
> Confusingly, we have a 'certbot' rule, but thats old and we should nuke
> it. The new one is the 'letencrypt' role. It handles requesting a cert
> from letsencrypt for the site it's called with and putting certs on any
> other machines.
>
> So, keep the planet role as it is.
>
> Instead add to the playbooks/groups/people.yml the letencrypt role with
> the site_name as fedoraplanet.org. Take a look at the taskotron.yml
> playbook, I added this setup for taskotron-dev eariler today.
>
New people.yml patch adding certgetter role - tried to follow the
taskotron-dev example;
diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml
index e7661b4b4..77b34cb23 100644
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@@ -69,6 +69,7 @@
- cgit/make_pkgs_list
- clamav
- planet
+ - { role: letsencrypt, site_name: 'fedoraplanet.org' }
- fedmsg/base
- git/server
>> ^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L]
>> + RewriteRule "^/?(.*)" "https://certgetter01/$1; [L,R=301,NE]
>
> Change 'certgetter01' here to 'fedoraproject.org'. That will hit our
> proxies and get proxied into certgetter.
>>
>
> kevin
>
New planet.conf patch with above change;
diff --git a/roles/planet/templates/planet.conf
b/roles/planet/templates/planet.conf
index 319923d2a..0875e7aa4 100644
--- a/roles/planet/templates/planet.conf
+++ b/roles/planet/templates/planet.conf
@@ -14,6 +14,11 @@
ErrorLog logs/planet-error.log
CustomLog logs/fedoraplanet.org-access.log common
+
+ # let certbot get an answer from certgetter01
+ RewriteEngine on
+ RewriteRule
^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L]
+ RewriteRule "^/?(.*)" "https://fedoraproject.org/$1; [L,R=301,NE]
UserDir disable
AddCharset UTF-8 .xml
@@ -79,3 +84,32 @@
RedirectMatch permanent /(.*) http://fedoraplanet.org/$1
+
+ ##
+ # Domain: fedoraplanet.org
+ # Owner: ad...@fedoraplanet.org
+ #
+ ServerName fedoraplanet.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/fedoraplanet.org/cert.pem
+ SSLCertificateKeyFile
/etc/letsencrypt/live/fedoraplanet.org/privkey.pem
+ SSLCertificateChainFile
/etc/letsencrypt/live/fedoraplanet.org/fullchain.pem
+ SSLHonorCipherOrder On
+ SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+ SSLProtocol ALL -SSLv2
+
+ ServerAdmin ad...@fedoraplanet.org
+ ServerName fedoraplanet.org
+
+ DocumentRoot "/srv/planet/site/"
+
+ ErrorLog logs/planet-error.log
+ CustomLog logs/planet.fedoraproject.org-access.log common
+
+ UserDir disable
+ AddCharset UTF-8 .xml
+
+ RedirectMatch permanent /(.*) http://fedoraplanet.org/$1
+
+
Thanks!
Zach
diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml
index e7661b4b4..77b34cb23 100644
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@@ -69,6 +69,7 @@
- cgit/make_pkgs_list
- clamav
- planet
+ - { role: letsencrypt, site_name: 'fedoraplanet.org' }
- fedmsg/base
- git/server
diff --git a/roles/planet/templates/planet.conf b/roles/planet/templates/planet.conf
index 319923d2a..0875e7aa4 100644
--- a/roles/planet/templates/planet.conf
+++ b/roles/planet/templates/planet.conf
@@ -14,6 +14,11 @@
ErrorLog logs/planet-error.log
CustomLog logs/fedoraplanet.org-access.log common
+
+# let certbot get an answer from certgetter01
+RewriteEngine on
+RewriteRule ^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L]
+RewriteRule "^/?(.*)" "https://fedoraproject.org/$1; [L,R=301,NE]
UserDir disable
AddCharset UTF-8 .xml
@@ -79,3 +84,32 @@
RedirectMatch permanent /(.*) http://fedoraplanet.org/$1
+
+##
+# Domain: fedoraplanet.org
+# Owner: ad...@fedoraplanet.org
+#
+ServerName fedoraplanet.org
+
+SSLEngine on
+SSLCertificateFile /etc/letsencrypt/live/fedoraplanet.org/cert.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/fedoraplanet.org/privkey.pem
+SSLCertificateChainFile /etc/letsencrypt/live/fedoraplanet.org/fullchain.pem
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+SSLProtocol ALL -SSLv2
+
+ServerAdmin ad...@fedoraplanet.org
+ServerName fedoraplanet.org
+
+DocumentRoot "/srv/planet/site/"
+
+ErrorLog logs/planet-error.log
+CustomLog logs/planet.fedoraproject.org-access.log common
+
+UserDir disable
+AddCharset UTF-8 .xml
+
+RedirectMatch permanent /(.*) http://fedoraplanet.org/$1
+
+
signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines:
Re: Moving forward with Fedora's PDC
On Mon, Sep 24, 2018 at 2:43 PM Clement Verna wrote: > > > > On Mon, 24 Sep 2018 at 11:30, Michal Novotny wrote: >> >> Hello, >> >> could we use this? >> >> https://github.com/PostgREST/postgrest > > > While I don't have a strong preference for one or the other, the main reason > we decided to use DRF is to be able to reuse some of code from PDC > (https://github.com/product-definition-center/product-definition-center). We > are currently working on the releases endpoint > (https://github.com/fedora-infra/fpdc) and to be fair we did not reuse to > much code so far, but I expect that it will be the case when working on > components and composes endpoint. I guess it mainly depends on the people doing the work (that means you and the rest of the pack). clime > > >> >> we could trim down PDC to just db + REST API (+ git backend syncing >> through hooks?) >> >> It's written in Haskell (!!) and it looks really like a useful piece >> of technology. >> >> We could drop Django completely and have git for any write changes, which >> means we will automatically get: >> >> - version control >> - acls >> - public interface >> >> for free without any future maintenance. >> >> Only the writeable/interesting parts of PDC would be in DistGit. >> >> I don't know what will be stored in PDC at this point but I think >> just db + REST + git would be a suitable stack for a high-level >> release-engineering-like settings. >> >> clime >> >> P.S. I would personally be happy to help with this setup. >> >> On Wed, Sep 12, 2018 at 8:57 PM Randy Barlow >> wrote: >> > >> > On 09/12/2018 04:01 AM, Clement Verna wrote: >> > > [0] https://github.com/dhatim/python-license-check >> > >> > This looks useful, thanks for sharing! >> > >> > ___ >> > infrastructure mailing list -- infrastructure@lists.fedoraproject.org >> > To unsubscribe send an email to >> > infrastructure-le...@lists.fedoraproject.org >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org >> ___ >> infrastructure mailing list -- infrastructure@lists.fedoraproject.org >> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: add lists.pagure.io to our mailing-lists
On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard
wrote:
> Hey folks!
>
> Pingou would like to announce the availability of mailing-lists on
> lists.pagure.io with the 5.0 release. The following patch should add
> the new domain to our mailing list server.
> Affected services are the mailman server and the proxies.
>
Where was lists.pagure.io announced? I'd like more details on what it
actually does.
Thanks,
bex
>
> Can I get a couple +1s?
>
> A.
>
>
> commit 46c844f7ad9dfbd824c49fcbd95be3575345d2df
> Author: Aurélien Bompard
> Date: Thu Sep 20 08:28:47 2018 +
>
> Add lists.pagure.org to Mailman
>
> Signed-off-by: Aurélien Bompard
>
> diff --git a/playbooks/include/proxies-reverseproxy.yml
> b/playbooks/include/proxies-reverseproxy.yml
> index 8d35a5f..8461162 100644
> --- a/playbooks/include/proxies-reverseproxy.yml
> +++ b/playbooks/include/proxies-reverseproxy.yml
> @@ -71,6 +71,15 @@
> keephost: true
> proxyurl: "{{ varnish_url }}"
>
> + - role: httpd/reverseproxy
> +website: lists.pagure.io
> +destname: mailman3
> +localpath: /
> +remotepath: /
> +header_scheme: true
> +keephost: true
> +proxyurl: "{{ varnish_url }}"
> +
># The place for the raw originals
>- role: httpd/reverseproxy
> website: meetbot-raw.fedoraproject.org
> diff --git a/playbooks/include/proxies-websites.yml
> b/playbooks/include/proxies-websites.yml
> index 9c0e173..65597cd 100644
> --- a/playbooks/include/proxies-websites.yml
> +++ b/playbooks/include/proxies-websites.yml
> @@ -901,6 +901,12 @@
> - release-monitoring.org
> when: env == "staging"
>
> + - role: httpd/website
> +site_name: lists.pagure.io
> +sslonly: true
> +cert_name: lists.pagure.io.cert
> +SSLCertificateChainFile: lists.pagure.io.intermediate.cert
> +
> # fedorahosted is retired. We have the site here so we can redirect it.
>
>- role: httpd/website
> diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-mm
> b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
> index 65e3cf7..3130cd0 100644
> --- a/roles/base/files/postfix/main.cf/main.cf.smtp-mm
> +++ b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
> @@ -305,7 +305,7 @@ unknown_local_recipient_reject_code = 550
> #
> #relay_domains = $mydestination
>
> -relay_domains = $mydestination lists.fedoraproject.org
> lists.fedorahosted.org fedorahosted.org
> +relay_domains = $mydestination lists.fedoraproject.org
> lists.fedorahosted.org fedorahosted.org lists.pagure.io
>
> # INTERNET OR INTRANET
>
> diff --git a/roles/base/files/postfix/transports.mm-smtp
> b/roles/base/files/postfix/transports.mm-smtp
> index 582d455..ace4660 100644
> --- a/roles/base/files/postfix/transports.mm-smtp
> +++ b/roles/base/files/postfix/transports.mm-smtp
> @@ -2,4 +2,5 @@ lists.fedoraproject.org smtp:[
> mailman01.vpn.fedoraproject.org]
> lists.fedorahosted.org smtp:[mailman01.vpn.fedoraproject.org]
> redhat.com smtp:[mailman01.vpn.fedoraproject.org]
> lists2.fedoraproject.org smtp:[mailman01.vpn.fedoraproject.org]
> +lists.pagure.io smtp:[mailman01.vpn.fedoraproject.org]
> fedorahosted.org smtp:[bastion.vpn.fedoraproject.org]
> diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
> index 41e3ff6..a665bc1 100644
> --- a/roles/mailman/tasks/main.yml
> +++ b/roles/mailman/tasks/main.yml
> @@ -519,6 +519,14 @@
>- restart memcached
>
>
> +# SSL
> +- name: Letsencrypt for lists.pagure.org
> + include_role: name=letsencrypt
> + vars:
> +site_name: lists.pagure.io
> + when: env == 'production'
> +
> +
> # Start services
> - name: start services
>service: state=started enabled=yes name={{ item }}
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>
--
Brian (bex) Exelbierd | bexel...@redhat.com | b...@pobox.com
Fedora Community Action & Impact Coordinator
@bexelbie | http://www.winglemeyer.org
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
